CVE-2023-5916

Published: Nov 2, 2023Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

A vulnerability classified as critical has been found in Lissy93 Dashy 2.1.1. This affects an unknown part of the file /config-manager/save of the component Configuration Handler. The manipulation of the argument config leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-244305 was assigned to this vulnerability.

Affected (1)

Products: Dashy: Dashy

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dashy Dashy	Version 2.1.1

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (8)

https://github.com/Lissy93/dashy/issues/1336

Source: cna@vuldb.com

ExploitIssue Tracking

https://treasure-blarney-085.notion.site/Dashy-0dca8a0ebbd84f78ae6d03528ff1538c?pvs=4

Source: cna@vuldb.com

Exploit

https://vuldb.com/?ctiid.244305

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.244305

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://github.com/Lissy93/dashy/issues/1336

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

https://treasure-blarney-085.notion.site/Dashy-0dca8a0ebbd84f78ae6d03528ff1538c?pvs=4

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://vuldb.com/?ctiid.244305

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVDB Entry

https://vuldb.com/?id.244305

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.